Description
getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.
References (5)
Core 5
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109571883130372&w=2
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2004/dsa-553
Various Sources x_refsource_confirm
http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200409-32.xml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17439
Scores
EPSS
0.0009
EPSS Percentile
24.9%
Details
Status
published
Products (27)
gentoo/linux
1.4
getmail/getmail
2.3.7
getmail/getmail
3.x
getmail/getmail
4.0
getmail/getmail
4.0.0_b10
getmail/getmail
4.0.1
getmail/getmail
4.0.2
getmail/getmail
4.0.3
getmail/getmail
4.0.4
getmail/getmail
4.0.5
... and 17 more
Published
Jan 27, 2005
Tracked Since
Feb 18, 2026